Malware removal

How to use Windows Defender Offline for difficult virus removal on Windows 10

If your PC gets infected with a nasty malware, you can use Windows Defender Offline scan to remove it — Here's how to use the tool.

Windows Defender Offline scan on Windows Defender Security Center

Sometimes malware and other malicious software can be very difficult to remove while you’re signed in to your device. However, if you’re running Windows 10, you can use the Windows Defender Offline feature to scan and remove all type of malware, including viruses, rootkit, ransomware, and other malicious software no matter how tough they are.

Windows Defender Offline has been part of the Windows Defender Antivirus for a long time, and it’s a feature that allows the antivirus to run without loading Windows 10. This is particularly useful because when your device is infected with a highly persistent malware, it’s extremely complicated to remove it while the OS is fully loaded.

Although you were able to run the antivirus offline in the past, starting with the Windows 10 Creators Update, the steps to perform an advanced scan has changed, as the Windows Defender Antivirus is now part of the new Windows Defender Security Center dashboard that comes built into the OS.

In this guide, you’ll learn the steps to use the Windows Defender Offline scan using the new experience to remove rootkit, ransomware, and other nasty viruses from your PC running the Windows 10 Creators Update.

How to use Windows Defender Offline scan

  1. Open Windows Defender Security Center.

  2. Click on Virus & threat protection.

  3. Click the Advanced scan link.

    Windows Defender Antivirus settings
    Windows Defender Antivirus settings
  4. Select the Windows Defender Offline scan option.

  5. Click the Scan now button.

    Windows Defender Offline scan settings
    Windows Defender Offline scan settings

Your computer will now restart and boot into Windows Defender Offline, and the scan will start automatically. If the antivirus detects any virus or rootkit, it’ll remove them automatically.

Windows Defender Antivirus should be running the latest definition, but you can always click the Update tab to check for new updates.

Windows Defender Offline scanning
Windows Defender Offline scanning

Once the scan completes, click the “X” button on the top-right to exit the tool and restart your computer normally.

Alternatively, if you can’t access your computer, it’s possible to download the standalone version of Windows Defender Offline using these links:

  • Windows Defender Offline standalone 32-bit | Download
  • Windows Defender Offline standalone 64-bit | Download

Then you’ll need to create a bootable media to scan your offline to remove any malware using Windows Defender.